Actu
IMF Investigates Serious Cybersecurity Breach with Matt Aldridge, Principal Solutions Consultant, OpenText Cybersecurity
March 2024 by Matt Aldridge, Principal Solutions Consultant at OpenText Security Solutions
Yesterday, outlets were reporting on the International Monetary Fund’s investigation into a cybersecurity breach which has resulted in the compromise of several internal email accounts. The US-led organisation is reported as being a potential popular target for cyberattacks by state sponsored actors. The commentary from Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity discussing the incident.
“It’s evident that the sensitivity of information that large financial organisations, such as the IMF, possess has a tremendous impact on the exposure and damage that can befall such organisations and their employees in the face of a cyber-attack. Personal information about employees such as email addresses will fetch a high price on dark web cybercrime forums and marketplaces. Alternatively, these email addresses can be used to create cleverly constructed social engineering attacks that will undoubtedly cause further damage."
“Security of email accounts is paramount, because they can unlock the door into any other account possessed by the user. This happens because, ubiquitously, online accounts have a password reset feature which depends upon the security of the user’s underlying email account so that the password can be reset if it is lost – attackers can abuse this capability to jump from one compromised email account into sensitive accounts on many other systems. It is imperative that users appreciate how their email account effectively holds the keys to their online kingdom.”
"It is critical that businesses and organisations in the financial services and governance areas invest appropriately in their cyber defences and, wherever possible, that they have their approach validated by trusted independent third parties. Keeping adequate technical defences in place to ensure cyber resilience – including multi-layer protection at the endpoint and in the cloud, threat intelligence, up-to-date software and operating systems – is no longer a negotiable option, but a baseline requirement."
"In order to mitigate against cyber threats, regular education and phishing simulations are a must, and all employees and contractors must stay updated with current trends. Rather than viewing data protection as a box-ticking exercise, it should be viewed as a key priority, and integrated into every aspect of the financial business otherwise they will have to face the consequences. Employee awareness and vigilance is the most powerful tool in the cyber resilience kit-bag. Leveraging these approaches, financial organisations will stay one step ahead, protecting their organisation and employees."
